Cybersecurity has been a decades-long “grey rhino” in the wings of this “black swan” event. Last year, a Tokopedia data breach jeopardised more than 15 million user accounts, and cybercrime accounted for 43 percent of all crime in Singapore. Interconnectivity in a digital landscape may bring greater agility and convenience to manufacturers but the same benefits apply to malevolent players which are now no longer encumbered by geography.
Much like multi-layered anti-COVID measures, from defense (face masks and hand sanitisers) to prevention (lockdowns), rapid detection (PCR kits), and a cure (vaccines and antiviral drugs), corporations need to apply the same robust approach to protecting critical infrastructure.
Convergence of IT and OT
Increased interconnectivity also extends to hackers. Companies need to understand that there is no “air gap” between Information Technology (IT) and Operational Technology (OT) – the technology directly monitoring and or controlling industrial equipment, assets, and processes. These are not separate entities but two halves of a whole enterprise.
While many have taken measures to secure IT, their OT systems remain under-protected, becoming a convenient “backdoor” for hackers to breach. Ransomware incidents have become increasingly frequent in manufacturing. Ransomware attackers can penetrate a chink in the armour within minutes and spend months “dormant.” They silently infiltrate the entire network and stay undetected for months while gathering data and critical information before striking.
A recurring issue in OT security is legacy infrastructure, built decades before high-speed internet was commonplace. This means older machinery, equipment and computer systems are a worrying blind spot to IT and security operations teams and can also result in exposure. For example, a factory’s central conveyor belt might still run on an outdated edition of Windows XP no longer supported by its developer, nor compatible with the latest updates and protections.
There is a lot of complexity in the OT layer for manufacturers to address, alongside balancing the costs to modernise. This process is often deprioritised and delayed. Modernisation takes time and requires multi-year transformation. But by making these changes now, organisations can immediately adopt best practices to build a holistically secure IT/OT network environment to neutralise potential threats.
The myth of the panacea
Similar to how we have managed to bring disease outbreaks such as polio and smallpox under control, a multi-layered defence strategy is needed to detect and deter malicious players. Organisations should start with a holistic enterprise-wide security assessment that includes:
- An inventory of authorised and unauthorised devices and software
- Detailed observation and documentation of system performance
- Identification of tolerance thresholds and risk and vulnerability indications
- Prioritisation of each vulnerability based on impact and exploitation potential
- Mitigation techniques required to bring an operation to an acceptable risk state
To develop a robust safety net, organisations must account for software, networks, control systems, site-infrastructure nuances, policies, procedures, and even employee behaviours. Rockwell Automation has defined five core security principals when developing a control system:
1. Secure network infrastructure – A resilient industrial network security system limits access to authorised individuals and protects data against manipulation or theft. With telecommuting becoming the norm, security systems must account for the remote connectivity of people, processes, and information. Networks used in large-scale industrial applications can harness cloud technology, data analytics, and mobility tools to optimise systems monitoring.
2. Authentication and policy management – Often overlooked when developing safety controls around user authentication is the need to minimize potential exposure to threats from internal resources. Management user accounts should be integrated with a means of centralised control. Scalable solutions should also be planned to allow for flexible workflows around disconnected environments, guest user access, and temporary privilege escalation before the necessity arises.
3. Content protection – Automation equipment such as controllers often contain sensitive information. Smart industrial systems require a common, secure environment to protect an organisation’s intellectual property while maintaining productivity and quality.
4. Tamper detection – Unwanted activity and modifications within operational systems can be quashed through speedy detection, recording, and a strong coordinated response. Measures to deter and address potential threats should include a means to centrally record and track all user actions, regular backups of operating asset configurations and electronic files, as well as a meticulous inventory of all devices on a plant floor.
5. Robustness – Plant machinery, operation systems and data storage units can be brought together under a single-system architecture that allows for centralised monitoring and reporting. By leveraging Converged Plantwide Ethernet (CPwE), multinational corporations can achieve greater flexibility, visibility, and efficiency required to remain competitive while retaining full control over their digital assets.
Prevention is always better than cure
Placing equal importance on cybersecurity advancements is essential to future-proofing an organisation. Investing in IT alone can capture short-term growth prospects but leave these gains vulnerable to an overnight cyberattack. Much like how vaccines are crucial to herd immunity, a modern enterprise is only as strong as its weakest link. The best defence is a good offence, via a comprehensive network security system.